Spotify[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

Spotify.exe
Size

20.9MB
MD5

62569513286da958da29a51b80cf82a8
SHA1

b0854da98191255736769c73c287c72146c4efa4
SHA256

ea4f26702f60db553f760e57bdec3e361a033076a48d7eb557c3e61169f79ef9
SHA512

82825825e1750b167391667a4937fd3eb2e0822cf9ec887cf071abdc3c48f7e73f37b077a76d883a236a416668b51f444bcf524c3e0051a7a4c9eaed1c29f2ce
SSDEEP

393216:Rkc4Yv5qG+r/wFv0KUIRLd7OMmu2cMTqqJhcq4Ve2afSsj0ugURYsi:R74YBEw9UI9diMmu4Tqxaf0fsi

Score

1^/10

Malware Config

Signatures

Files

Spotify.exe
.exe windows:6 windows x86 arch:x86

1a0f173d7dc9d97eb3f65f661f5895f0

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:ab:67:0a:61:bf:4b:7d:af:d5:59:35:6b:5b:cc:ff
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

04/10/2023, 00:00

Not After

03/10/2024, 23:59

Subject

SERIALNUMBER=556703-7485,CN=Spotify AB,O=Spotify AB,L=Stockholm,C=SE,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13025345

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c4:02:d7:64:43:ee:b1:14:75:df:ab:d3:1c:b2:fd:c6:c8:f6:d1:c0:20:c5:7e:42:91:6e:95:f2:e4:49:34:1a
Signer

Actual PE Digest

c4:02:d7:64:43:ee:b1:14:75:df:ab:d3:1c:b2:fd:c6:c8:f6:d1:c0:20:c5:7e:42:91:6e:95:f2:e4:49:34:1a

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

WSACloseEvent
WSASetEvent
gethostbyname
WSAStringToAddressW
WSACreateEvent
inet_addr
WSARecv
getsockname
listen
WSAAddressToStringW
WSASocketW
WSASendTo
WSASend
sendto
WSARecvFrom
__WSAFDIsSet
accept
getprotobyname
WSAEventSelect
WSAGetLastError
WSASetLastError
setsockopt
select
htons
ioctlsocket
closesocket
bind
ntohs
ntohl
WSAStartup
htonl
WSAEnumNetworkEvents
socket
WSACleanup
WSAWaitForMultipleEvents
send
recvfrom
recv
freeaddrinfo
getaddrinfo
getpeername
shutdown
WSAIoctl
getsockopt
connect

gdiplus

GdipGetGenericFontFamilySansSerif
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdipCreateFont
GdipSetTextRenderingHint
GdipSetSmoothingMode
GdipDeleteFont
GdipDeleteGraphics
GdipCreateHICONFromBitmap
GdipCreateHBITMAPFromBitmap
GdipAlloc
GdipDrawString
GdipFree
GdipStringFormatGetGenericDefault
GdipCloneBrush
GdipDeleteBrush
GdipDeleteStringFormat
GdipCloneStringFormat
GdipSetStringFormatAlign
GdipCreateBitmapFromScan0
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipSetStringFormatLineAlign
GdipCreateBitmapFromStream
GdipDisposeImage
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipSetInterpolationMode
GdipDrawImageRectRectI
GdiplusStartup
GdiplusShutdown
GdipFillEllipse
GdipCloneImage
GdipLoadImageFromStreamICM
GdipLoadImageFromStream
GdipCreateSolidFill

dbghelp

SymSetOptions
SymCleanup
SymGetSearchPathW
SymSetSearchPathW
SymInitialize
SymGetLineFromAddr64
SymFromAddr

ntdll

RtlCaptureStackBackTrace
RtlInitUnicodeString
VerSetConditionMask
RtlUnwind

oleaut32

SysAllocStringByteLen
SysFreeString
SysAllocString
SetErrorInfo
SysStringLen
VariantClear
GetErrorInfo

userenv

CreateAppContainerProfile
DeriveAppContainerSidFromAppContainerName

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
CreateRemoteThread
GetCurrentThreadId
GetStartupInfoW
ExitProcess
GetCurrentProcess
TerminateProcess
CreateThread
TerminateThread
QueueUserAPC
CreateProcessW
TlsAlloc
TlsGetValue
TlsSetValue
ExitThread
TlsFree
GetCurrentThread
GetProcessTimes
SetThreadPriority
SwitchToThread
GetExitCodeThread
DeleteProcThreadAttributeList
GetThreadId
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
GetExitCodeProcess
ResumeThread

api-ms-win-core-sysinfo-l1-1-0

GetVersionExW
GetTickCount64
GetWindowsDirectoryW
GetVersion
GetSystemTimeAsFileTime
GetLocalTime
GetTickCount
GetLogicalProcessorInformation
GetSystemTime
GetSystemInfo

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead
InterlockedPushEntrySList

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
DebugBreak
OutputDebugStringA
IsDebuggerPresent

api-ms-win-core-errorhandling-l1-1-0

GetLastError
RaiseException
UnhandledExceptionFilter
SetLastError
SetUnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
GetCurrentProcessorNumber
OpenProcess
GetProcessHandleCount
SetProcessMitigationPolicy
GetProcessMitigationPolicy

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleA
LockResource
SizeofResource
GetModuleHandleW
GetModuleFileNameW
FreeLibrary
GetModuleHandleExW
GetProcAddress
FreeLibraryAndExitThread
LoadStringW
LoadResource
SetDefaultDllDirectories
LoadLibraryExA
LoadLibraryExW

api-ms-win-core-synch-l1-1-0

InitializeCriticalSectionEx
CreateEventA
LeaveCriticalSection
CreateMutexW
OpenMutexW
AcquireSRWLockExclusive
InitializeCriticalSection
EnterCriticalSection
SetEvent
ReleaseSRWLockExclusive
DeleteCriticalSection
WaitForSingleObject
WaitForMultipleObjectsEx
SleepEx
CreateEventW
OpenEventA
ResetEvent
SetWaitableTimer
CreateEventExW
ReleaseSemaphore
TryAcquireSRWLockExclusive
WaitForSingleObjectEx
InitializeSRWLock
AcquireSRWLockShared
ReleaseSRWLockShared
CreateMutexA
InitializeCriticalSectionAndSpinCount

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-processenvironment-l1-1-0

GetCommandLineW
SetCurrentDirectoryW
SetStdHandle
GetCurrentDirectoryW
GetEnvironmentStringsW
GetCommandLineA
FreeEnvironmentStringsW
ExpandEnvironmentStringsW
SetEnvironmentVariableW
GetEnvironmentVariableW
GetStdHandle

api-ms-win-core-file-l1-1-0

FindNextFileW
GetFullPathNameW
GetFileAttributesExW
FindFirstFileExW
FindClose
GetFileSize
FindFirstFileW
GetFileType
GetDriveTypeW
GetFileAttributesW
WriteFile
LockFile
RemoveDirectoryW
UnlockFile
GetVolumePathNameW
GetTempFileNameW
DeleteFileW
GetDiskFreeSpaceExW
CreateDirectoryW
FlushFileBuffers
SetFileAttributesW
SetEndOfFile
GetFileSizeEx
SetFilePointerEx
ReadFile
GetFileTime
CreateFileW
GetFileInformationByHandle
GetLongPathNameW

api-ms-win-core-heap-l1-1-0

GetProcessHeaps
HeapSetInformation
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
HeapDestroy

api-ms-win-core-localization-l1-2-0

GetUserDefaultLangID
GetUserDefaultLocaleName
IsValidLocale
FormatMessageA
GetLocaleInfoEx
LCMapStringW
FormatMessageW
LCMapStringEx
GetCPInfo
GetOEMCP
EnumSystemLocalesW
GetLocaleInfoW
GetACP
GetUserDefaultLCID
GetUserPreferredUILanguages
IsValidCodePage

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
GetStringTypeW
MultiByteToWideChar
CompareStringW
CompareStringEx

api-ms-win-core-file-l1-2-0

GetTempPathW

api-ms-win-core-datetime-l1-1-0

GetDateFormatW
GetTimeFormatW

api-ms-win-core-console-l1-1-0

AllocConsole
SetConsoleCtrlHandler
WriteConsoleA
ReadConsoleW
GetConsoleMode
WriteConsoleW
GetConsoleOutputCP

api-ms-win-core-handle-l1-1-0

SetHandleInformation
CloseHandle
DuplicateHandle

api-ms-win-core-heap-l2-1-0

GlobalFree
LocalFree
GlobalAlloc
LocalAlloc

api-ms-win-core-file-l2-1-0

CreateDirectoryExW
ReplaceFileW
CopyFileExW
MoveFileExW
ReadDirectoryChangesW

api-ms-win-core-com-l1-1-0

StringFromCLSID
CoSetProxyBlanket
CoTaskMemFree
CoCreateInstance
CoGetApartmentType
CoInitializeEx
CoUninitialize
CoTaskMemAlloc
CoInitializeSecurity
CoCreateFreeThreadedMarshaler
CoGetObjectContext
PropVariantClear

api-ms-win-ntuser-sysparams-l1-1-0

GetSystemMetrics
SystemParametersInfoW

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime
GetTimeZoneInformation

api-ms-win-core-io-l1-1-0

CreateIoCompletionPort
GetQueuedCompletionStatus
CancelIoEx
PostQueuedCompletionStatus
DeviceIoControl

api-ms-win-core-synch-l1-2-1

CreateWaitableTimerW
WaitForMultipleObjects

api-ms-win-core-io-l1-1-1

CancelIo

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryA
LoadLibraryW
FindResourceW

bcrypt

BCryptOpenAlgorithmProvider
BCryptGenRandom
BCryptCloseAlgorithmProvider

api-ms-win-core-synch-l1-2-0

InitializeConditionVariable
SleepConditionVariableSRW
InitOnceBeginInitialize
WakeConditionVariable
InitOnceComplete
Sleep
WakeAllConditionVariable

api-ms-win-core-kernel32-legacy-l1-1-0

MoveFileW
GetComputerNameW
GetSystemPowerStatus
UnregisterWait
RegisterWaitForSingleObject
CreateFileMappingA

api-ms-win-core-toolhelp-l1-1-0

Process32NextW
Process32FirstW
CreateToolhelp32Snapshot

api-ms-win-core-psapi-l1-1-0

K32GetModuleInformation
K32GetProcessMemoryInfo
K32GetModuleFileNameExW

mswsock

GetAcceptExSockaddrs
AcceptEx

api-ms-win-core-localization-obsolete-l1-2-0

GetUserDefaultUILanguage

api-ms-win-core-heap-obsolete-l1-1-0

GlobalSize
GlobalUnlock
GlobalLock

api-ms-win-core-memory-l1-1-0

VirtualProtect
VirtualProtectEx
CreateFileMappingW
UnmapViewOfFile
VirtualFree
VirtualAlloc
VirtualQueryEx
VirtualQuery
VirtualAllocEx
MapViewOfFile
WriteProcessMemory
ReadProcessMemory
VirtualFreeEx

api-ms-win-core-synch-ansi-l1-1-0

CreateSemaphoreA
OpenMutexA

api-ms-win-core-kernel32-legacy-l1-1-2

OpenFileMappingA

api-ms-win-core-console-l1-2-0

AttachConsole

api-ms-win-core-console-l3-2-0

GetCurrentConsoleFont

api-ms-win-core-job-l2-1-0

SetInformationJobObject
CreateJobObjectW
AssignProcessToJobObject

api-ms-win-core-sysinfo-l1-2-0

GetNativeSystemInfo
GetProductInfo

api-ms-win-core-kernel32-legacy-l1-1-1

VerifyVersionInfoW

winhttp

WinHttpGetIEProxyConfigForCurrentUser
WinHttpSetStatusCallback
WinHttpOpen
WinHttpAddRequestHeaders
WinHttpConnect
WinHttpReadData
WinHttpQueryDataAvailable
WinHttpSendRequest
WinHttpSetCredentials
WinHttpGetProxyForUrl
WinHttpCloseHandle
WinHttpOpenRequest
WinHttpReceiveResponse
WinHttpSetOption
WinHttpSetTimeouts
WinHttpQueryHeaders

api-ms-win-core-file-l1-2-2

GetTempPathA
AreFileApisANSI

iphlpapi

GetAdaptersAddresses

crypt32

CertGetNameStringA

wintrust

WTHelperGetProvCertFromChain
WinVerifyTrust
WTHelperGetProvSignerFromChain
WTHelperProvDataFromStateData

api-ms-win-core-console-l2-1-0

GetConsoleScreenBufferInfo
SetConsoleTextAttribute

api-ms-win-core-localization-l1-2-1

EnumSystemLocalesEx

api-ms-win-core-threadpool-legacy-l1-1-0

UnregisterWaitEx

api-ms-win-core-wow64-l1-1-0

IsWow64Process

api-ms-win-core-processthreads-l1-1-2

SetThreadInformation

api-ms-win-core-processtopology-obsolete-l1-1-0

SetThreadAffinityMask

api-ms-win-mm-time-l1-1-0

timeGetTime

api-ms-win-core-namedpipe-l1-1-0

CreateNamedPipeW

kernel32

QueryDosDeviceW
QueryInformationJobObject
SetProcessDEPPolicy
TerminateJobObject
K32EnumProcessModules
PowerClearRequest
PowerSetRequest
PowerCreateRequest
RegisterApplicationRestart

dsound

ord11
ord2

avrt

AvSetMmThreadCharacteristicsW
AvSetMmThreadPriority
AvRevertMmThreadCharacteristics

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolWork
FreeLibraryWhenCallbackReturns
SubmitThreadpoolWork
CloseThreadpoolWork
TrySubmitThreadpoolCallback

Exports

Exports

GetHandleVerifier
IsSandboxedProcess

Sections

.text
Size: 11.6MB - Virtual size: 11.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

malloc_h
Size: 512B - Virtual size: 243B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6.3MB - Virtual size: 6.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1a0f173d7dc9d97eb3f65f661f5895f0

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0f:ab:67:0a:61:bf:4b:7d:af:d5:59:35:6b:5b:cc:ffCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

c4:02:d7:64:43:ee:b1:14:75:df:ab:d3:1c:b2:fd:c6:c8:f6:d1:c0:20:c5:7e:42:91:6e:95:f2:e4:49:34:1aSigner

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

gdiplus

dbghelp

ntdll

oleaut32

userenv

api-ms-win-core-profile-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-file-l1-2-0

api-ms-win-core-datetime-l1-1-0

api-ms-win-core-console-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-file-l2-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-ntuser-sysparams-l1-1-0

api-ms-win-core-timezone-l1-1-0

api-ms-win-core-io-l1-1-0

api-ms-win-core-synch-l1-2-1

api-ms-win-core-io-l1-1-1

api-ms-win-core-libraryloader-l1-2-1

bcrypt

api-ms-win-core-synch-l1-2-0

api-ms-win-core-kernel32-legacy-l1-1-0

api-ms-win-core-toolhelp-l1-1-0

api-ms-win-core-psapi-l1-1-0

mswsock

api-ms-win-core-localization-obsolete-l1-2-0

api-ms-win-core-heap-obsolete-l1-1-0

api-ms-win-core-memory-l1-1-0

api-ms-win-core-synch-ansi-l1-1-0

api-ms-win-core-kernel32-legacy-l1-1-2

api-ms-win-core-console-l1-2-0

api-ms-win-core-console-l3-2-0

api-ms-win-core-job-l2-1-0

api-ms-win-core-sysinfo-l1-2-0

api-ms-win-core-kernel32-legacy-l1-1-1

winhttp

api-ms-win-core-file-l1-2-2

iphlpapi

crypt32

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0f:ab:67:0a:61:bf:4b:7d:af:d5:59:35:6b:5b:cc:ff
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

c4:02:d7:64:43:ee:b1:14:75:df:ab:d3:1c:b2:fd:c6:c8:f6:d1:c0:20:c5:7e:42:91:6e:95:f2:e4:49:34:1a
Signer

.text
Size: 11.6MB - Virtual size: 11.6MB

malloc_h
Size: 512B - Virtual size: 243B

.rdata
Size: 3.0MB - Virtual size: 3.0MB

.data
Size: 6.3MB - Virtual size: 6.5MB

.rsrc
Size: 67KB - Virtual size: 67KB